<html>
<head><meta charset="utf-8"><title>grepping all of crates.io · wg-secure-code · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/index.html">wg-secure-code</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html">grepping all of crates.io</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="193531510"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193531510" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193531510">(Apr 10 2020 at 01:55)</a>:</h4>
<p>Turns out you can download all of <a href="http://crates.io" title="http://crates.io">crates.io</a> quite easily, and it only takes 50 Gb to do so. This enables analysis of <em>the entire ecosystem.</em> See <a href="https://redd.it/fxxued" title="https://redd.it/fxxued">https://redd.it/fxxued</a><br>
I had some ideas on what to check for, but forgot what they were. If you have any ideas - do share, since I can run such analysis quite easily.</p>



<a name="193533697"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193533697" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193533697">(Apr 10 2020 at 02:44)</a>:</h4>
<p>I can also run more complicated analysis with <a href="https://github.com/rust-lang/rustwide" title="https://github.com/rust-lang/rustwide">https://github.com/rust-lang/rustwide</a> - e.g. run <code>cargo-geiger</code> on all of <a href="http://crates.io" title="http://crates.io">crates.io</a></p>



<a name="193659971"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193659971" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193659971">(Apr 11 2020 at 13:14)</a>:</h4>
<p>So I've downloaded all the crates locally, let me know if you have any analysis ideas</p>



<a name="193673232"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193673232" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> HeroicKatora <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193673232">(Apr 11 2020 at 18:33)</a>:</h4>
<p>How feasible is '<code>unsafe</code> without a safety comment'?</p>



<a name="193673297"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193673297" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> HeroicKatora <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193673297">(Apr 11 2020 at 18:35)</a>:</h4>
<p>Second suggestion would be correlation between number of unsafe and crate dependencies. Both, if <code>unsafe</code> crates are used less often and to determine if <code>unsafe</code> typically appears in crates with little dependencies of their own.</p>



<a name="193673304"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193673304" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> HeroicKatora <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193673304">(Apr 11 2020 at 18:35)</a>:</h4>
<p>Third idea: Do <code>no_std</code> crates contain more or less <code>unsafe</code>.</p>



<a name="193674469"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193674469" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DPC <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193674469">(Apr 11 2020 at 19:01)</a>:</h4>
<p>my wishlist: <br>
1) unwraps<br>
2) feature gates <br>
3) <code>&lt;dyn Any&gt;</code></p>



<a name="193676218"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193676218" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193676218">(Apr 11 2020 at 19:42)</a>:</h4>
<p>"<code>unsafe</code> without a safety comment" is tricky mostly because it's hard to define what "safety comment" is. But I can try searching for unsafe with no comments</p>



<a name="193676572"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193676572" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> HeroicKatora <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193676572">(Apr 11 2020 at 19:50)</a>:</h4>
<p>How about searching for particular language features, i.e. the time lag from their introduction to their use.<br>
For example, how often is <code>#[non_exhaustive]</code> used and is the usage of <code>__NonExhaustive</code> variants trending downards?<br>
Stuff like that.</p>



<a name="193677117"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193677117" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193677117">(Apr 11 2020 at 20:05)</a>:</h4>
<p>I've found over 100,000 <code>unwrap()</code> calls, I'll post the full list later. It will almost certainly require further processing or aggregation of some sort.</p>



<a name="193677447"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193677447" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DPC <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193677447">(Apr 11 2020 at 20:13)</a>:</h4>
<p>i'll look into this. i have some code somewhere that can help and get further filters/aggregates possible.</p>



<a name="193677737"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193677737" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193677737">(Apr 11 2020 at 20:21)</a>:</h4>
<p>The search has just finished, and it found a bit over 800,000 <code>unwrap()</code>s</p>



<a name="193677913"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193677913" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193677913">(Apr 11 2020 at 20:24)</a>:</h4>
<p>Here are all the unwraps: <a href="https://drive.google.com/file/d/1sTAT-HeU6kfqjzn5_qHFaho5jdYIYe1j/view?usp=sharing" title="https://drive.google.com/file/d/1sTAT-HeU6kfqjzn5_qHFaho5jdYIYe1j/view?usp=sharing">https://drive.google.com/file/d/1sTAT-HeU6kfqjzn5_qHFaho5jdYIYe1j/view?usp=sharing</a></p>



<a name="193678019"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193678019" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193678019">(Apr 11 2020 at 20:27)</a>:</h4>
<p>All unstable features: <a href="https://drive.google.com/file/d/1za_FnPQwctM_5ie81I6LNwTiExnaCC3S/view?usp=sharing" title="https://drive.google.com/file/d/1za_FnPQwctM_5ie81I6LNwTiExnaCC3S/view?usp=sharing">https://drive.google.com/file/d/1za_FnPQwctM_5ie81I6LNwTiExnaCC3S/view?usp=sharing</a></p>



<a name="193678083"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193678083" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193678083">(Apr 11 2020 at 20:29)</a>:</h4>
<p><span class="user-mention" data-user-id="120823">@DPC</span> do you want me to search for <code>dyn Any</code> or <code>&lt;dyn Any&gt;</code> ?</p>



<a name="193678231"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193678231" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193678231">(Apr 11 2020 at 20:32)</a>:</h4>
<p>Ah nevermind, I've just searched for <code>dyn Any</code> because it's easy to narrow down from there<br>
<a href="https://pastebin.com/10ZqEmxZ" title="https://pastebin.com/10ZqEmxZ">https://pastebin.com/10ZqEmxZ</a> here you go</p>



<a name="193678942"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193678942" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193678942">(Apr 11 2020 at 20:51)</a>:</h4>
<p>There is 20,000,000 question mark symbols on <a href="http://crates.io" title="http://crates.io">crates.io</a>, so unwraps are dwarfed by them</p>



<a name="193680225"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193680225" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DPC <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193680225">(Apr 11 2020 at 21:21)</a>:</h4>
<p>(deleted)</p>



<a name="193680227"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193680227" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DPC <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193680227">(Apr 11 2020 at 21:21)</a>:</h4>
<p>the former</p>



<a name="193720999"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193720999" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193720999">(Apr 12 2020 at 17:05)</a>:</h4>
<p>I should also check for compiler warning suppressions</p>



<a name="193721209"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193721209" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> bjorn3 <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193721209">(Apr 12 2020 at 17:11)</a>:</h4>
<p>Usage of <code>#![forbid(unsafe_code)]</code> and <code>#![deny(unsafe_code)]</code> would also be interesting</p>



<a name="193723338"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193723338" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193723338">(Apr 12 2020 at 18:06)</a>:</h4>
<p><a href="/user_uploads/4715/by_i4sksFaqKi3cs3W7WR_jo/allow_forbid_deny.zip" title="allow_forbid_deny.zip">allow_forbid_deny.zip</a></p>



<a name="193723370"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193723370" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193723370">(Apr 12 2020 at 18:07)</a>:</h4>
<p><span class="user-mention" data-user-id="133247">@bjorn3</span> there you go - all occurrences of <code>#![forbid(</code>, <code>#![deny(</code>, <code>#![allow(</code> and <code>#[allow(</code></p>



<a name="193723582"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193723582" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193723582">(Apr 12 2020 at 18:13)</a>:</h4>
<p>50 top suppressed compiler warnings on <a href="http://crates.io" title="http://crates.io">crates.io</a>: <a href="https://pastebin.com/nQYdre4y" title="https://pastebin.com/nQYdre4y">https://pastebin.com/nQYdre4y</a></p>



<a name="193723660"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193723660" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> HeroicKatora <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193723660">(Apr 12 2020 at 18:15)</a>:</h4>
<p>How is <code>unused_mut</code> in the tops here? Is the lint buggy?</p>



<a name="193723709"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193723709" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193723709">(Apr 12 2020 at 18:16)</a>:</h4>
<p>No clue. Raw data is in the archive above, you're welcome to take a closer look</p>



<a name="193723725"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193723725" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193723725">(Apr 12 2020 at 18:16)</a>:</h4>
<p>27 fat_ptr_transmutes and 17 mutable_transmutes is slightly concerning as well, but not as prevalent as I feared</p>



<a name="193723810"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193723810" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193723810">(Apr 12 2020 at 18:18)</a>:</h4>
<p>these are global suppressions, local are 10x more numerous</p>



<a name="193723825"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193723825" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193723825">(Apr 12 2020 at 18:19)</a>:</h4>
<p>stats for local <code>#[allow(</code>, without the <code>!</code>: <a href="https://pastebin.com/ctUiZFgi" title="https://pastebin.com/ctUiZFgi">https://pastebin.com/ctUiZFgi</a></p>



<a name="193725698"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193725698" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> bjorn3 <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193725698">(Apr 12 2020 at 19:05)</a>:</h4>
<p><code>#![allow(unsafe_code)]</code> is used 947 times, <code>#![deny(unsafe_code)]</code> is used 496 times and <code>#![forbid(unsafe_code)]</code> is used 782 times.</p>



<a name="193725707"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193725707" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> bjorn3 <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193725707">(Apr 12 2020 at 19:05)</a>:</h4>
<p>This is lower than I hoped, but still a reasonable amount I guess.</p>



<a name="193725940"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193725940" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193725940">(Apr 12 2020 at 19:11)</a>:</h4>
<p>there are many crates without a single <code>unsafe</code> that don't forbid it either</p>



<a name="193729510"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193729510" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> lcnr <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193729510">(Apr 12 2020 at 20:48)</a>:</h4>
<p>Is there a good way to grep for single variant enums?</p>
<div class="codehilite"><pre><span></span>enum .* \{\n.*\n\}
</pre></div>


<p>might be close enough <span aria-label="shrug" class="emoji emoji-1f937" role="img" title="shrug">:shrug:</span></p>



<a name="193729886"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193729886" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> lcnr <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193729886">(Apr 12 2020 at 20:58)</a>:</h4>
<p><code>rg -U "enum[^\\n]+\\{\\n[^\\n]+\\n\\}"</code></p>



<a name="193732940"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193732940" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193732940">(Apr 12 2020 at 22:24)</a>:</h4>
<p><span class="user-mention" data-user-id="216206">@Bastian Kauschke</span> here you go: <a href="/user_uploads/4715/QuTksR3H-Bk4yQIorIfzbTo-/single-variant-enums.gz" title="single-variant-enums.gz">single-variant-enums.gz</a> <br>
Same rg command as you suggested plus <code>--iglob '*.rs'</code></p>



<a name="193734377"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193734377" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193734377">(Apr 12 2020 at 23:04)</a>:</h4>
<p>Also reported the memory leak I'm seeing in ripgrep: <a href="https://github.com/BurntSushi/ripgrep/issues/1550" title="https://github.com/BurntSushi/ripgrep/issues/1550">https://github.com/BurntSushi/ripgrep/issues/1550</a></p>



<a name="193752261"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193752261" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> lcnr <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193752261">(Apr 13 2020 at 08:05)</a>:</h4>
<p>Seems like there are about a 1000 if them <span aria-label="thinking" class="emoji emoji-1f914" role="img" title="thinking">:thinking:</span> I doubt that's worth optimizing</p>



<a name="193754584"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193754584" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193754584">(Apr 13 2020 at 08:48)</a>:</h4>
<p><span class="user-mention silent" data-user-id="216206">Bastian Kauschke</span> <a href="#narrow/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio/near/193752261" title="#narrow/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio/near/193752261">said</a>:</p>
<blockquote>
<p>Seems like there are about a 1000 if them <span aria-label="thinking" class="emoji emoji-1f914" role="img" title="thinking">:thinking:</span> I doubt that's worth optimizing</p>
</blockquote>
<p>note that the optimization also applies to enums like <code>Result&lt;T, !&gt;</code></p>



<a name="193754594"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193754594" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193754594">(Apr 13 2020 at 08:48)</a>:</h4>
<p>i.e., enums where only a single variant is inhabited or non-zero-size</p>



<a name="193776054"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193776054" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193776054">(Apr 13 2020 at 14:17)</a>:</h4>
<p><a href="https://github.com/avadacatavra/unsafe-unicorn" title="https://github.com/avadacatavra/unsafe-unicorn">https://github.com/avadacatavra/unsafe-unicorn</a> is something akin to <code>cargo-geiger</code> it seems. Less accurate but doesn't compile anything. I'll try to run it on all crates from <a href="http://crates.io" title="http://crates.io">crates.io</a> later.</p>



<a name="193781260"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193781260" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193781260">(Apr 13 2020 at 15:09)</a>:</h4>
<p>Cc <span class="user-mention" data-user-id="126854">@avadacatavra</span></p>



<a name="193820462"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193820462" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193820462">(Apr 13 2020 at 20:58)</a>:</h4>
<p>Percentage of unsafe code in every crate on <a href="http://crates.io" title="http://crates.io">crates.io</a>, courtesy of <code>unsafe-unicorn</code>: <a href="/user_uploads/4715/P8GltJkBjaV3LxSOgx0-Es0B/unsafe_unicorn_pretty.gz" title="unsafe_unicorn_pretty.gz">unsafe_unicorn_pretty.gz</a></p>



<a name="193843298"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193843298" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193843298">(Apr 14 2020 at 01:51)</a>:</h4>
<p><a href="/user_uploads/4715/88Ku-fNFTJX2Fd9kiSLzYBl9/crates_io_unsafe_percentage.png" title="crates_io_unsafe_percentage.png">crates_io_unsafe_percentage.png</a></p>
<div class="message_inline_image"><a href="/user_uploads/4715/88Ku-fNFTJX2Fd9kiSLzYBl9/crates_io_unsafe_percentage.png" title="crates_io_unsafe_percentage.png"><img src="/user_uploads/4715/88Ku-fNFTJX2Fd9kiSLzYBl9/crates_io_unsafe_percentage.png"></a></div>



<a name="193843341"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193843341" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193843341">(Apr 14 2020 at 01:52)</a>:</h4>
<p>Same thing plotted. Very pretty graph</p>



<a name="193843358"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193843358" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193843358">(Apr 14 2020 at 01:52)</a>:</h4>
<p>(Please label axes! :)</p>



<a name="193843452"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193843452" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193843452">(Apr 14 2020 at 01:54)</a>:</h4>
<p>Good call, let me do that</p>



<a name="193843613"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193843613" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193843613">(Apr 14 2020 at 01:58)</a>:</h4>
<p><a href="user_uploads/4715/-LWeT9WLklQUVjaLgn4IC_w3/crates_io_unsafe_percentage.svg.png" title="user_uploads/4715/-LWeT9WLklQUVjaLgn4IC_w3/crates_io_unsafe_percentage.svg.png">crates_io_unsafe_percentage.svg.png</a> better?</p>
<div class="message_inline_image"><a href="user_uploads/4715/-LWeT9WLklQUVjaLgn4IC_w3/crates_io_unsafe_percentage.svg.png" title="crates_io_unsafe_percentage.svg.png"><img src="user_uploads/4715/-LWeT9WLklQUVjaLgn4IC_w3/crates_io_unsafe_percentage.svg.png"></a></div>



<a name="193843712"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193843712" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193843712">(Apr 14 2020 at 02:01)</a>:</h4>
<p>72.5% crates use no unsafe code whatsoever</p>



<a name="193844201"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193844201" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193844201">(Apr 14 2020 at 02:13)</a>:</h4>
<p>hm yes but I'm not sure what "crate number is"</p>



<a name="193844261"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193844261" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193844261">(Apr 14 2020 at 02:14)</a>:</h4>
<p>is that time correlated? otherwise I'd just say "cumulative % of crates" or something?</p>



<a name="193844271"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193844271" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193844271">(Apr 14 2020 at 02:14)</a>:</h4>
<p>(not that, literally, as I think that's wrong)</p>



<a name="193844293"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193844293" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193844293">(Apr 14 2020 at 02:15)</a>:</h4>
<p>Not time correlated, I just ordered all crates by unsafe % and plotted it. Every point on X axis is one crate. Not sure how to name that</p>



<a name="193844429"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193844429" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193844429">(Apr 14 2020 at 02:18)</a>:</h4>
<p>it's not cumulative and scale is linear</p>



<a name="193844546"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193844546" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193844546">(Apr 14 2020 at 02:20)</a>:</h4>
<p>Also, 94.6% of all lines of code on <a href="http://crates.io" title="http://crates.io">crates.io</a> are outside <code>unsafe</code> blocks</p>



<a name="193853955"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193853955" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> timotree <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193853955">(Apr 14 2020 at 06:17)</a>:</h4>
<p>I'm pretty sure the x-axis is flipped in that plot. Shouldn't it be that only 74 crates have 100% unsafe code not that 35000 do?</p>



<a name="193875736"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/193875736" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#193875736">(Apr 14 2020 at 10:12)</a>:</h4>
<p>Yeah, I think that's at least part of why I felt odd about it. Maybe better to swap the x and y axes, with percent of crates on y and unsafe lines on x? I think "% lines of unsafe code" is the interesting metric for the most part to look things up by, so it should be on the x axis</p>



<a name="194552552"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/194552552" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#194552552">(Apr 18 2020 at 16:26)</a>:</h4>
<p>That there are currently 10670 invocations of <code>get_unchecked</code> (incl. <code>_mut</code> variant) across 864 crates on <a href="http://crates.io" title="http://crates.io">crates.io</a>, and the median number of uses per crate seems to be 3.</p>



<a name="194552622"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/194552622" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#194552622">(Apr 18 2020 at 16:27)</a>:</h4>
<p>Also, <code>rg</code> was consuming 1Gb memory when running this search. I've reported that as an issue and it's now fixed: <a href="https://github.com/BurntSushi/ripgrep/pull/1554" title="https://github.com/BurntSushi/ripgrep/pull/1554">https://github.com/BurntSushi/ripgrep/pull/1554</a><br>
An interesting side effect of that is the removal of <code>crossbeam-channel</code> dependency</p>



<a name="195079209"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/195079209" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#195079209">(Apr 23 2020 at 15:36)</a>:</h4>
<p><a href="https://internals.rust-lang.org/t/i-analysed-5000-crates-to-find-the-most-common-standard-library-imports/12218" title="https://internals.rust-lang.org/t/i-analysed-5000-crates-to-find-the-most-common-standard-library-imports/12218">https://internals.rust-lang.org/t/i-analysed-5000-crates-to-find-the-most-common-standard-library-imports/12218</a></p>



<a name="196092749"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/196092749" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#196092749">(May 03 2020 at 09:07)</a>:</h4>
<p><span class="user-mention" data-user-id="127617">@Shnatsel</span> in the context of <a href="https://github.com/rust-lang/rust/issues/71800" title="https://github.com/rust-lang/rust/issues/71800">https://github.com/rust-lang/rust/issues/71800</a>... could you grep for code that downgrades <code>const_err</code> from its default level (deny) to warn/allow?</p>



<a name="196101585"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/196101585" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#196101585">(May 03 2020 at 12:40)</a>:</h4>
<p>Sure thing! I've posted the result on the issue.</p>



<a name="196182312"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/grepping%20all%20of%20crates.io/near/196182312" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/grepping.20all.20of.20crates.2Eio.html#196182312">(May 04 2020 at 13:52)</a>:</h4>
<p>thanks!</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>